How the U.S.’s Bicycle Infrastructure Fails the Rural Cyclist

Greetings long time readers. Thanks for bearing with me during my hiatus from posting as well as the moving around of things. If you’re still reading this, you’re a dedicated friend. :)

I’d like to take a moment and discuss Cherokee Schill’s fight in Kentucky. The basic gist: she’s been fighting a court battle over whether or not she has the right to ride in the middle of a lane on a busy highway running between two towns in Kentucky. I’m not familiar with the highway or traffic conditions at all, so I’m not going to express an opinion except for this: she should never have been placed in a position to have to make that choice.

The U.S.’s bicycle infrastructure has failed Cherokee Schill and has failed every other cyclist who has been forced to make the choice of taking the lane on a busy highway and possibly incurring the wrath of local law enforcement (even if the law allows you to take the lane) or riding in a shoulder poorly designed for cyclists. Neither option is seen as safe by the general public, nor is either option pleasant for cyclists who choose to brave these highways.

We can do better. Infrastructure for cyclists, where it exists in the U.S., is piss poor. This is doubly so for rural highways where motorized traffic speeds are much higher.

Take a look at this video:

This is great cycling infrastructure from the Dutch. They’ve got this figured out.

Compare that to conditions that Cherokee Schill encounters on her commute:

Yes, Cherokee had a shoulder. It’s difficult to tell, but there is a rumble strip on that shoulder that is no fun for cyclists to cross. It is also difficult to see whether there is debris on the shoulder, and what kind. That’s not a road that the large majority of people in the U.S. would ride their bicycle on, much less on a daily basis for their commute. Kudos to Cherokee for braving that road.

Bicycling will never become mainstream for transportation in the U.S. until we step up our game and design and provide infrastructure that is on par with that of the Dutch.

A Review of Republic Wireless

I recently made a switch to Republic Wireless, a low-cost MVNO (Mobile Virtual Network Operator) on Sprint’s network. I’ve been with them for a little over a week and wanted to share my experience.

Wi-Fi calling

First, a little background about Republic Wireless. They’re owned by Bandwidth.com, which is a fairly large VoIP services provider. What makes them unique is that Republic Wireless will offload your phone calls over a connected Wi-Fi network instead of using the cellular network. If, for some reason, your phone detects problems with the Wi-Fi, it will hand over the call to Sprint’s cellular network. If you’re not within range of any configured Wi-Fi networks, it will place and receive calls through Sprint’s cellular network. Your SMS and MMS messages even get pushed through an available Wi-Fi network.


Getting Modem Statistics to Cacti

I’ve been having problems with a flaky DSL connection from CenturyLink. My modem would frequently ‘retrain,’ that is, disconnect and reconnect the DSL session. This is rather annoying, and since I use VoIP for most phone calls when I’m at home, very irritating.

I wanted a method to log the modem’s statistics and see if I could find any correlation with the drops. One of the unfortunate realities with consumer-level equipment is the lack of standard monitoring capabilities. Most enterprise-level equipment supports SNMP, which allows various software programs to request information.


Guesstimating Quality of VoIP pt. 2: VoIP Spear

In part 1 of this series, I went over the basics of using Pingtest.net to guesstimate how well your Internet connection can handle VoIP calls. Pingtest.net is great for one-time measurements of important metrics such as latency, packet loss and jitter.


In this post, I’ll talk about VoIP Spear. VoIP Spear is a service that will allow continuous monitoring of your Internet connection. The site works by sending ICMP echo requests to your public IP address.


Guesstimating Quality of VoIP pt. 1: Pingtest.net

Land-based telephony is quickly going the way of the Dodo. More and more people are either getting rid of their telephone line entirely (and relying on cell phones) or switching to lower-cost VoIP services such as Ooma or Vonage. Switching to a VoIP service sounds like a great deal; however, what is not always apparent is that the quality of your Internet connection can greatly affect the quality of calls.

If you’re considering switching to VoIP, you’d be wise to make sure your Internet connection is going to provide you with acceptable quality.

There are a couple things you can do to estimate the quality of VoIP calls. This post will discuss Ookla’s Pingtest.net. I’ll write another post that will discuss a service for continuous monitoring of your connection.


Patching Lync Server 2013 Frontends

We finally implemented a complete HA solution at work for Lync Server 2013. This includes three frontend servers, which allows us to perform maintenance on the frontends with very little end user impact. When applying Windows Updates to Lync Server 2013, you should always follow Microsoft’s advice at this article. Having said that, here are a couple of PowerShell commands you can use to make stopping the services on the frontends easier.

Perform the following steps after issuing the command Get-CsPoolUpgradeReadinessState and following Microsoft’s recommendations.

  1. The first command allows you to set all services into a manual startup state. This is necessary in case a server needs to be rebooted multiple times to apply updates.
    Get-CsWindowsService | Set-Service -StartupType Manual
  2. Next, stop all the services gracefully. This allows steady draining of connections.
    Stop-CsWindowsService -Graceful
  3. Apply all the updates you need and reboot as necessary. If you have a three frontend setup, you can keep one frontend down for as long as necessary, provided neither of the other two fail.*
  4. Once all updates are applied, start the services.
    Start-CsWindowsService
  5. Now, we can set the services back to delayed automatic startup.
    Get-CsWindowsService | ForEach-Object { sc.exe config $_.Name start= delayed-auto }
    Note that the above command is a bit more complex than the counterpart that sets all services into manual mode. This is because the Set-Service cmdlet doesn’t have functionality for delayed automatic startup.

I hope that helps. I found it was going to be tedious opening the services MMC and setting each service to manual individually and reversing that.

* In Microsoft’s Lync Server supported topologies article, it is noted that in a three server farm, if the number of frontends drops below two, the remaining frontend goes into survivability mode and stops Lync services after five minutes. Keep that in mind when planning maintenance.

F5 Big-IP LTM Active Directory Authentication

This is something that took me much longer than it probably should have.

We have a couple of new F5 Big-IP LTM load balancers that we’re in the middle of setting up. We wanted to have Active Directory authentication.

First, we need to specify how to connect to our Active Directory:

  1. Log into the web console with the admin account
  2. Navigate to System -> Users -> Authentication
  3. Leave Authentication at Basic and click the Change… button.
  4. Set User Directory to Remote – Active Directory
  5. Set Host to your domain name. If you need a specific domain controller, enter that instead.
  6. Set Remote Directory Tree to the distinguished name of the container in which your user accounts reside. F5 recommends this be as specific as possible. This should be something like: ou=AdminAccounts,dc=contoso,dc=com.
  7. Next, you can either specify a specific account to bind to LDAP with, or use the user’s credentials. We used the user’s credentials. To do that, set the User Template attribute and do not enter anything in Bind. Our User Template looks something like: %s@contoso.com. The %s indicates what the user types into the logon screen.
  8. Leave the rest as defaults.
  9. Click Finished.

You probably have something that looks like this:

[Screenshot: CLB1 Active Directory]

We now need to specify which groups have what access.

  1. Click the Remote Role Groups tab.
  2. Click the Create… button.
  3. Enter a Group Name.
  4. Enter a Line Order. The LTM will process groups in order of their Line Order number. F5 recommends your first group starts at 1000, so you have room before and after.
  5. For Attribute String, enter an LDAP attribute to match off of. Most people will use an Active Directory group containing the administrative accounts. This is done with the Attribute String like: memberOf=cn=LTMAdmins,ou=AdminGroups,dc=contoso,dc=com.
  6. Set Remote Access to Enabled in order to allow the group remote access. (Probably want this enabled)
  7. Set Assigned Role to the role these users should reside in. Administrator gives full access.
  8. We set Partition Access to All. Set this appropriately.
  9. Terminal Access specifies the terminal to which the users have access. tmsh is the default.
  10. Click Finished.

You should now have something like this:

[Screenshot: CLB1 Remote Groups]

That should get you basic Active Directory authentication working with a group of Administrators.

 

Fedora 20 and Locking the CD-ROM Drive From Ejecting

I have an 18-month-old toddler who loves to run up to my laptop while I’m working, push the eject button on the CD-ROM drive and pull on the tray. One of these days, I’m worried he’s going to break it off.

It is possible, using the ‘eject’ command, to lock the tray and prevent it from being ejected by the button.

On Fedora 20, you’ll need to perform a few steps as root to get it working.

  1. Copy
    /lib/udev/rules.d/60-cdrom_id.rules
    to
    /etc/udev/rules.d/
  2. Open the copied file, and comment out the line beginning with ENV{DISK_EJECT_REQUEST}==
  3. You may need to force udev to trigger your rules: udevadm trigger

You can now use the eject command to enable the lock. Executing eject -i on will spit out eject: CD-Drive may NOT be ejected with device button, effectively locking your toddler out of your CD-ROM drive.
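The steps above as a script, added here as an example rather than taken from the original post: the function names and the --apply switch are made up for illustration, and the embedded rules file is a constructed sample. Called with --apply (as root), it performs the copy, trigger and lock on the paths from the post; the demo function exercises the same edit on the constructed sample only.

```shell
#!/bin/sh
# Added example: scripted form of the udev override steps above.
RULE_KEY='ENV{DISK_EJECT_REQUEST}=='

# override_eject_rule SRC DST_DIR
# Copy SRC into DST_DIR with every line that begins with RULE_KEY commented out.
# The copy is always regenerated from SRC, so re-running cannot double-comment.
override_eject_rule() {
    src=$1
    dst="$2/$(basename "$src")"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$2" || return 1
    sed "s/^\([[:space:]]*\)\($RULE_KEY\)/\1#\2/" "$src" > "$dst.tmp" || return 1
    mv "$dst.tmp" "$dst"
}

# count_active_eject_rules FILE: print how many uncommented RULE_KEY lines remain.
count_active_eject_rules() {
    grep -c "^[[:space:]]*$RULE_KEY" "$1" || true
}

# demo: apply the override to a constructed sample and print the remaining count.
demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample, not the real Fedora rules file.
    cat > "$tmp/60-cdrom_id.rules" <<'EOF'
ACTION=="remove", GOTO="cdrom_end"
ENV{DISK_EJECT_REQUEST}=="?*", RUN+="cdrom_id --eject-media $devnode", GOTO="cdrom_end"
LABEL="cdrom_end"
EOF
    override_eject_rule "$tmp/60-cdrom_id.rules" "$tmp/etc" &&
        count_active_eject_rules "$tmp/etc/60-cdrom_id.rules"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

if [ "${1:-}" = "--apply" ]; then   # real paths from the post; needs root
    override_eject_rule /lib/udev/rules.d/60-cdrom_id.rules /etc/udev/rules.d || exit 1
    udevadm trigger
    eject -i on
    # Fail loudly if an active eject-request rule survived the edit.
    [ "$(count_active_eject_rules /etc/udev/rules.d/60-cdrom_id.rules)" = 0 ] || exit 1
fi
```

Because the override in /etc/udev/rules.d shadows the packaged file of the same name, it needs to be regenerated after a systemd/udev update changes the original.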

Migrate Hyper-V Windows Guest to KVM w/ libvirtd

Microsoft Hyper-V is a great hypervisor if all you have are Windows guests. Unfortunately, the support for Linux guests is not the greatest. KVM, on the other hand, has great support for both Windows and Linux guests. For this reason, I’ve been working on moving the hypervisor I have in my home from Hyper-V to KVM.

This post will detail the steps necessary to migrate a Windows guest from Hyper-V to KVM. The version of Hyper-V I’m running is 2012R2 and the guest is Windows 8.1.


Heartbleed, What it is, What Should you do?

As long as you haven’t been hiding under a rock for the past week or so, you’ve most likely heard of a fairly catastrophic security issue called “Heartbleed.”

Rather than boring you with the details of what Heartbleed is, I found a great video that wonderfully describes it and its ramifications from a high level:

And, rather than me telling you what to do, I’ll let Brian Krebs, one of the foremost security journalists, tell you: Krebs on Security: Heartbleed Bug: What can you do?

Finally, if all you want to do is check if a particular website is vulnerable, I suggest using the tool from possible.lv: http://possible.lv/tools/hb/. This tool will also be able to tell you if a particular website’s certificate has been changed since the vulnerability was discovered.